DELDroid: Determination & Enforcement of Least Privilege Architecture in AnDroid
1 DELDroid: Determination & Enforcement of Least Privilege Architecture in AnDroid
Presenter: Mahmoud Hammad, Software Engineering Ph.D. Candidate
Authors: Mahmoud Hammad, Hamid Bagheri, and Sam Malek
IEEE International Conference on Software Architecture (ICSA 2017), Gothenburg, Sweden, April /22/2017
2 Android in the market (Source: International Data Corporation (IDC))
3 Number of apps in Google Play store (Source: Statista)
4 Not as rosy as it may seem: Android malware samples (Source: NOKIA Threat Intelligence Report)
5 Over-privileged resource access
[Figure: an Android system with two apps, FunGame (LevelUp, Main) and Messaging (Sender, Composer, ListMsgs). Legend: explicit Intent, implicit Intent, SMS permission, Location permission, private component, Activity, Service.]
6 Over-privileged Inter-Component Communication
[Figure: the same Android system with FunGame (LevelUp, Main) and Messaging (Sender, Composer, ListMsgs). Legend: explicit Intent, implicit Intent, SMS permission, Location permission, private component, Activity, Service.]
7 Research problem
Components are over-privileged and violate the Least Privilege (LP) principle
8 LP in Android documentation
"The Android system implements the principle of least privilege. That is, each app, by default, has access only to the components that it requires to do its work and no more. This creates a very secure environment in which an app cannot access parts of the system for which it is not given permission."
Android security mechanisms treat apps as the minimum security entities
9 Security Consequences
- Hard to comprehend the security posture of an Android system
- Increases the attack surface
- Causes many security vulnerabilities
  - Privilege escalation attack
  - Hidden Inter-Component Communication (ICC) attack
10 Privilege Escalation Attack
// if (checkCallingPermission("android.permission.SEND_SMS") == PackageManager.PERMISSION_GRANTED)
[Figure: FunGame (LevelUp, Main) and Messaging (Sender, Composer, ListMsgs) with Intents i1, i2 and i3. Legend: explicit Intent, implicit Intent, ix Intent, SMS permission, Location permission, Activity, Service.]
11 Hidden ICC Attack
[Figure: FunGame (LevelUp, Main) and Messaging (Sender, Composer, ListMsgs) with Intents i1, i2 and i3, plus <<external>> dynamically loaded code. Legend: explicit Intent, implicit Intent, dynamically loaded code, ix Intent, SMS permission, Location permission, private component, Activity, Service.]
12 Outline
- Approach (current section)
- Experimental Results
- Threats & Conclusion
13 DELDroid
[Figure: DELDroid overview. Steps: 1. Architectural Elements Extractor, 2. Privilege Analyzer, 3. Privilege Reducer, 4. Security Analyzer, 5. LP Enforcer. Artifacts: APKs, Architectural Elements, Original Architecture, LP Architecture, Analysis Result. Phases: design time, run time. Run-time elements: Android Apps Layer, Privilege Manager Layer, Resource Monitor, ICC Monitor, ECA Rules, System Resources. Legend: DELDroid step, repository, DELDroid transaction, resource request, ICC. Slides 13 to 20 repeat this figure.]
21 Android apps
Each Android app (APK file) includes:
- a configuration file called the manifest file
- the app's bytecode
The manifest file specifies:
- principal components that constitute the app
- provided interface, i.e., Intent Filters
- required permissions
- enforced permissions
Bytecode contains, among other things:
- the app's business logic
- component communications
- enforced permissions
22 Step 1: Architectural Elements Extractor
Columns: ID, App, Component Name, Type, Exported, Intent Filter, Permissions (Granted, Used, Enforced), Intents
1 Messaging ListMsgs Activity Yes {SMS}
2 Messaging Composer Activity Yes {SMS} {i1}
3 Messaging Sender Service Yes SEND_SMS {SMS} {SMS}
4 FunGame LevelUp Service No {Location}
5 FunGame Main Activity Yes MAIN {Location} {i2}
24 Multiple Domain Matrix (MDM)
- MDM models a complex system with multiple domains
- Each domain is modeled as a Design Structure Matrix (DSM)
- DSM and MDM are very effective in capturing and analyzing the architecture of a complex system
25 Multiple Domain Matrix (MDM)
[Figure: a system with three tasks (Task 1, Task 2, Task 3); its Design Structure Matrix (DSM) over the three tasks; a task-to-person relationship between the tasks and persons P1 and P2; the resulting MDM. Caption: MDM captures the architecture.]
26 The Original architecture
28 The LP architecture
29 Original vs. LP architectures
[Figure: Original Architecture beside LP Architecture.]
31 Privilege escalation analysis
Let us assume LevelUp does not use dynamic class loading
32 Privilege escalation analysis (LP Architecture)
DELDroid marks communicate LevelUp, Sender as a potential privilege escalation attack
34 Communication ECA rule example
Event: ICC i occurs
Condition: i.senderpkg = FunGame, i.sendercomp = LevelUp, i.receiverpkg = Messaging
Action: prevent
35 Resource access ECA rule example
Event: resourceaccessrequest
Condition: requester = LevelUp, service = Context.LOCATION_SERVICE
Action: prevent
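The privilege escalation analysis (slides 31-32) and the two ECA rule examples (slides 34-35), worked through on the FunGame/Messaging example as a small model. This is an added example, not DELDroid's code: the class and function names, the rule dictionary layout, the reading of the table's permission columns (only Sender uses SMS, nothing is enforced) and the shapes of i1, i2 and i3 are assumptions.

```python
from dataclasses import dataclass
from itertools import permutations

@dataclass(frozen=True)
class Component:
    app: str
    name: str
    exported: bool
    filters: frozenset = frozenset()   # actions declared in Intent Filters
    used: frozenset = frozenset()      # permissions the code actually uses
    enforced: frozenset = frozenset()  # permissions it checks on its callers

@dataclass(frozen=True)
class Intent:
    sender: str
    target: str = ""   # explicit Intent: name of the receiving component
    action: str = ""   # implicit Intent: action matched against filters

# Constructed model of the slides' running example (assumed reading of the table).
GRANTED = {"Messaging": frozenset({"SMS"}), "FunGame": frozenset({"Location"})}
COMPONENTS = {c.name: c for c in [
    Component("Messaging", "ListMsgs", True),
    Component("Messaging", "Composer", True),
    Component("Messaging", "Sender", True,
              filters=frozenset({"SEND_SMS"}), used=frozenset({"SMS"})),
    Component("FunGame", "LevelUp", False),
    Component("FunGame", "Main", True, filters=frozenset({"MAIN"})),
]}
I1 = Intent("Composer", action="SEND_SMS")   # assumed implicit
I2 = Intent("Main", target="LevelUp")        # assumed explicit
I3 = Intent("LevelUp", target="Sender")      # the Intent behind the attack

def reachable(s, r):
    """Default Android rule: same app, or the receiver is exported."""
    return s.app == r.app or r.exported

def original_comm(comps):
    """Original architecture: every pair the platform would let through."""
    return {(s.name, r.name)
            for s, r in permutations(comps.values(), 2) if reachable(s, r)}

def lp_comm(comps, intents):
    """LP architecture: only pairs needed by a statically extracted Intent."""
    pairs = set()
    for i in intents:
        s = comps[i.sender]
        for r in comps.values():
            hit = (i.target == r.name) if i.target else (i.action in r.filters)
            if hit and r.name != s.name and reachable(s, r):
                pairs.add((s.name, r.name))
    return pairs

def privilege_escalation(comps, granted, pairs):
    """Flag s -> r when r uses, without enforcing, a permission s's app lacks."""
    return {(s, r) for s, r in pairs
            if (comps[r].used - comps[r].enforced) - granted[comps[s].app]}

def eca_rules(comps, granted, lp_pairs):
    """Prevent rules for everything the original allows and LP does not need."""
    rules = [{"event": "ICC", "sender": s, "receiver": r, "action": "prevent"}
             for s, r in sorted(original_comm(comps) - lp_pairs)]
    for c in comps.values():
        for p in sorted(granted[c.app] - c.used):   # granted but never used
            rules.append({"event": "resourceAccessRequest", "requester": c.name,
                          "permission": p, "action": "prevent"})
    return rules

def decide(rules, event):
    """Return the action of the first rule whose conditions all match."""
    for rule in rules:
        if all(event.get(k) == v for k, v in rule.items() if k != "action"):
            return rule["action"]
    return "allow"

if __name__ == "__main__":
    # Slide 31: i3 is visible to static analysis, so it is kept and flagged.
    static = lp_comm(COMPONENTS, [I1, I2, I3])
    print("flagged:", privilege_escalation(COMPONENTS, GRANTED, static))
    # Hidden ICC: i3 comes from dynamically loaded code and is never extracted.
    rules = eca_rules(COMPONENTS, GRANTED, lp_comm(COMPONENTS, [I1, I2]))
    print(len(original_comm(COMPONENTS)), "original pairs,", len(rules), "rules")
    print(decide(rules, {"event": "ICC", "sender": "LevelUp", "receiver": "Sender"}))
```

In this model an Intent that static analysis can see stays in the LP architecture and is reported by the analysis, while one that it cannot see is absent from the LP architecture and is stopped by a prevent rule at run time.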
37 Outline
- Approach
- Experimental Results (current section)
- Threats & Conclusion
38 Implementation details
- DELDroid is a Java application
  - input: set of apps
  - output: LP architecture and ECA rules
- The enforcement mechanism is implemented in AOSP version 6 (Marshmallow)
  - Privilege Manager is introduced as a new package in the Android runtime
  - This package does not affect the existing apps
  - Other components are modified, such as ActivityManager and ContextWrapper
- Installed on an Android emulator and a Nexus 5X phone
39 Evaluation
- RQ1: How effective is DELDroid in reducing the attack surface?
- RQ2: How effective is DELDroid in detecting and preventing attacks in real-world apps?
- RQ3: What is the performance of DELDroid?
40 Evaluation setup
Dataset (number of apps): Benign 370, Vulnerable 335, Malicious 225
Apps distribution: Benign 40%, Vulnerable 36%, Malicious 24%
Malicious dataset: Malgenome, Brain Test, AndroTotal, Contagio
41 RQ1: Attack surface reduction
[Table: 10 bundles plus Average and Avg. (per app) rows. Columns: Bundle, Apps, Components, Intent (Explicit, Implicit), Intent Filter. Values not preserved.]
42 RQ1: Attack surface reduction: communication
[Table: 10 bundles plus Average and Avg. (per app) rows. Columns: Bundle, Components, Intent (Explicit, Implicit), Intent Filter, Communication Domain (Original, LP, Reduction (%)). Values not preserved.]
43 RQ1: Attack surface reduction: permission
[Table: 10 bundles plus Average and Avg. (per app) rows. Columns: Bundle, Components, Intent (Explicit, Implicit), Intent Filter, Permission Granted Domain (Original, LP, Reduction (%)). Values not preserved.]
44 RQ1: Attack surface reduction: potential attacks
Columns: Bundle, Components, Intent (Explicit, Implicit), Intent Filter, Priv. Esca. Security Analysis (Original, LP). Only fragments of the values survive, listed row by row in their original order:
Bundle ,944 0
Bundle ,
Bundle ,721 2
Bundle ,551 0
Bundle ,914 2
Bundle ,745 2
Bundle ,503 1
Bundle ,
Bundle ,428 8
Bundle ,953 3
Average ,
Avg. (per app)
45 RQ2: Attacks detection and prevention
- 54 malicious and vulnerable apps
- The steps and inputs required to create the attacks are known
- The dataset contains
  - 18 privilege escalation attacks
  - 24 hidden ICC attacks through dynamic class loading
- Detection: DELDroid analyzes the derived LP architecture
- Prevention: manually exercise the apps to create the attacks
46 RQ2: Privilege escalation detection results
18 privilege escalation
- TP: Malicious behavior detected (18)
- FN: Malicious behavior not detected (0)
- FP: Benign behavior detected (1)
Precision ( ) = 94.74%
Recall ( ) = 100%
47 RQ2: Attacks prevention
18 privilege escalation, 24 hidden ICC attacks: 42 attacks
- TP: Malicious behavior prevented (42)
- FN: Malicious behavior allowed (0)
- FP: Benign behavior prevented (1)
Precision ( ) = 97.76%
Recall ( ) = 100%
48 RQ3: Performance: design time
Execution time of running DELDroid on the 10 bundles, repeated 33 times
Columns: Recovery (min), LP Determination (sec), Analysis (sec), ECA Rules (sec)
Average per bundle: 69.5 ± ± ± ±
49 RQ3: Performance: run time
- A script that sends 363 requests to an Android system
- Each request causes the system to perform an ICC transaction
- On average, DELDroid takes 25 ± 10 milliseconds to check an intercepted ICC
50 Outline
- Approach
- Experimental Results
- Threats & Conclusion (current section)
51 Threats to validity
- Not all hidden ICC communications are malicious
  - A previous study proposed a technique that checks the integrity of the loaded code [1]
- Static analysis tools cannot effectively analyze obfuscated apps
  - integrating dynamic analysis techniques
[1] S. Poeplau et al. Execute this! Analyzing unsafe and malicious dynamic code loading in Android applications. In NDSS, San Diego, California, February
52 Conclusion
- DELDroid is an automated approach for determining and enforcing the LP architecture for an Android system
- The LP architecture narrows the attack surface and thwarts certain security attacks
- Experimental results show
  - between 97% and 99% attack surface reduction
  - detecting and preventing security attacks (97% precision and 100% recall)
  - negligible runtime performance overhead
More informationUsing Network Traffic to Remotely Identify the Type of Applications Executing on Mobile Devices. Lanier Watkins, PhD
Using Network Traffic to Remotely Identify the Type of Applications Executing on Mobile Devices Lanier Watkins, PhD LanierWatkins@gmail.com Outline Introduction Contributions and Assumptions Related Work
More informationCloPlag. A Study of Effects of Code Obfuscation to Clone/Plagiarism Detection Tools. Jens Krinke, Chaiyong Ragkhitwetsagul, Albert Cabré Juan
CloPlag A Study of Effects of Code Obfuscation to Clone/Plagiarism Detection Tools Jens Krinke, Chaiyong Ragkhitwetsagul, Albert Cabré Juan 1 Outline Background Motivation and Research Questions Tools
More informationUsing Sensitive Information on Android Based Smartphone. Romke van Dijk
Using Sensitive Information on Android Based Smartphone Romke van Dijk Android 6: To what extent is sensitive information protected? RQ1 Requirements RQ2 & RQ3 Android s security features RQ4 Sensitive
More informationEnterprise Ready. Sean Yarger. Sr. Manager, Mobility and Identity. Making Android Enterprise Ready 1
Making Enterprise Ready Sean Yarger Sr. Manager, Mobility and Identity Making Android Enterprise Ready 1 Enterprise Benefits of Android Java-based, get up and running with ease Open source, no license
More informationPrivilege Escalation via adbd Misconfiguration
Privilege Escalation via adbd Misconfiguration 17/01/2018 Software Affected Versions CVE Reference Author Severity Vendor Vendor Response Android Open Source Project (AOSP) Android 4.2.2 to Android 8.0
More informationIncident Response. Is Your CSIRT Program Ready for the 21 st Century?
Incident Response Is Your CSIRT Program Ready for the 21 st Century? Speaker Bio Traditional Response Concepts Technical Incidents Requiring Technical Responses Virus/ Malware Network Intrusion Disaster
More informationJoe Stocker, CISSP, MCITP, VTSP Patriot Consulting
Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting Microsoft Cloud Evangelist at Patriot Consulting Principal Systems Architect with 17 Years of experience Technical certifications: MCSE, MCITP Office
More informationSchedule document N4MDM. PUBLIC Node4 limited 31/11/2018. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ
Schedule document N4MDM PUBLIC Node4 limited 31/11/2018 Schedule document N4MDM This Schedule contains additional terms, Service Description & Service Level Agreement applicable to the N4 End Point Management
More informationSCHEDULE DOCUMENT N4MDM PUBLIC NODE4 LIMITED 13/07/2017. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ
SCHEDULE DOCUMENT N4MDM PUBLIC NODE4 LIMITED 13/07/2017 SCHEDULE This Schedule contains additional terms, Service Description & Service Level Agreement applicable to the N4 End Point Management Service
More informationCHECK POINT SANDBLAST MOBILE BEHAVIORAL RISK ANALYSIS
CHECK POINT SANDBLAST MOBILE BEHAVIORAL RISK ANALYSIS AN ADVANCED APPROACH TO COMPREHENSIVE MOBILE SECURITY Accurate threat detection and efficient response are critical components of preventing advanced
More informationIntroduction to Android
Introduction to Android Ambient intelligence Alberto Monge Roffarello Politecnico di Torino, 2017/2018 Some slides and figures are taken from the Mobile Application Development (MAD) course Disclaimer
More informationMan-In-The-Disk. Slava Makkaveev DEF CON 2018
Man-In-The-Disk Slava Makkaveev DEF CON 2018 Me Slava Makkaveev Security Researcher Check Point Software Technologies Ltd. PhD in Computer Science Reverse engineering and vulnerability research Android
More informationEM L01 Introduction to Mobile
EM L01 Introduction to Scott Jareo Principal Field Enablement Mgr. 1 Agenda 1 Welcome and Introduction 2 Overview 3 Lab Exercises 4 Resources and Conclusion 2 Leading Concerns In Enterprise Mobility Discussions
More informationDeliver Strong Mobile App Security and the Ultimate User Experience
Deliver Strong Mobile App Security and the Ultimate User Experience The Presenters Will LaSala, Director of Services @ VASCO Will has been with VASCO since 2001 and over the years has been involved in
More informationArchitecture Modeling and Analysis of Security in Android Systems
Architecture Modeling and Analysis of Security in Android Systems Bradley Schmerl 1, Jeff Gennari 1, Alireza Sadeghi 2, Hamid Bagheri 3, Sam Malek 2, Javier Cámara 1, and David Garlan 1 1 Institute for
More informationContent Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
More informationLabels and Information Flow
Labels and Information Flow Robert Soulé March 21, 2007 Problem Motivation and History The military cares about information flow Everyone can read Unclassified Few can read Top Secret Problem Motivation
More informationLecture 1 - Introduction to Android
Lecture 1 - Introduction to Android This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/
More informationManaging Microsoft 365 Identity and Access
Course MS-500T01-A: Managing Microsoft 365 Identity and Access Page 1 of 3 Managing Microsoft 365 Identity and Access Course MS-500T01-A: 1 day; Instructor-Led Introduction Help protect against credential
More informationSandboxing untrusted code: policies and mechanisms
Sandboxing untrusted code: policies and mechanisms Frank Piessens (Frank.Piessens@cs.kuleuven.be) Secappdev 2011 1 Overview Introduction Java and.net Sandboxing Runtime monitoring Information Flow Control
More informationThe Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez
The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony
More informationOWASP German Chapter Stammtisch Initiative/Ruhrpott. Android App Pentest Workshop 101
OWASP German Chapter Stammtisch Initiative/Ruhrpott Android App Pentest Workshop 101 About What we will try to cover in the first session: Setup of a Mobile Application Pentest Environment Basics of Mobile
More informationPrivacy-ABC Technologies on Mobile Phones
Privacy-ABC Technologies on Mobile Phones Dr. Gert Læssøe Mikkelsen, Alexandra Institute A/S ABC4Trust Summit Event Brussels, January 20, 2015 A research project funded by the European Commission s 7th
More informationAriadnima - Android Component Flow Reconstruction and Visualization
2017 IEEE 31st International Conference on Advanced Information Networking and Applications Ariadnima - Android Component Flow Reconstruction and Visualization Dennis Titze, Konrad Weiss, Julian Schütte
More informationSTUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES
STUDY OF PRIVILEGE ESCALATION ATTACK ON ANDROID AND ITS COUNTERMEASURES REJO MATHEW Department of Information Technology, NMIMS University, MPSTME, Mumbai, Maharashtra 400056, India rejo.mathew@nmims.edu
More informationThe SANS Institute Top 20 Critical Security Controls. Compliance Guide
The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise
More informationOWASP Top David Caissy OWASP Los Angeles Chapter July 2017
OWASP Top 10-2017 David Caissy OWASP Los Angeles Chapter July 2017 About Me David Caissy Web App Penetration Tester Former Java Application Architect IT Security Trainer: Developers Penetration Testers
More informationHardening the Modern Windows Client Let s NOT break it this time
Hardening the Modern Windows Client Let s NOT break it this time Raymond P.L. Comvalius Raymond Comvalius IT Infra Architect/Trainer MVP Windows IT Pro Zelfstandig sinds 1998 Agenda History of Hardening
More informationWhat s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources
What s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources Soteris Demetriou, Xiaoyong Zhou, Muhammad Naveed, Yeonjoon Lee, Kan Yuan, XiaoFeng Wang, Carl
More informationLecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical
Lecture 08 Android Permissions Demystified Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner Operating Systems Practical 20 November, 2013 OSP Lecture 08, Android Permissions Demystified
More informationCMSC436: Fall 2013 Week 4 Lab
CMSC436: Fall 2013 Week 4 Lab Objectives: Familiarize yourself with Android Permission and with the Fragment class. Create simple applications using different Permissions and Fragments. Once you ve completed
More informationLecture 2 Android SDK
Lecture 2 Android SDK This work is licensed under the Creative Commons Attribution 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/ or send a
More information